author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-09-26 23:06:20 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2019-09-26 23:06:20 +0000 |
commit | e728ba7e356ffcb12fe8c4f12c13f369a38ae46c (patch) | |
tree | 0f07f925e8cf2b144e9a333061999116331d8e16 | |
parent | 47949f6a70760432cf19302d4a8bbb885cdb1368 (diff) | |
download | gitlab-ce-e728ba7e356ffcb12fe8c4f12c13f369a38ae46c.tar.gz |
Update CHANGELOG.md for 12.1.12
[ci skip]
12 files changed, 17 insertions, 58 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9e249887053..f02725c2e88 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,23 @@
 documentation](doc/development/changelog.md) for instructions on adding your own entry.
+## 12.1.12
+
+### Security (11 changes)
+
+- Add a policy check for system notes that may not be visible due to cross references to private items.
+- Display only participants that user has permission to see on milestone page.
+- Do not disclose project milestones on group milestones page when project milestones access is disabled in project settings.
+- Fix new project path being disclosed through unsubscribe link of issue/merge requests.
+- Prevent bypassing email verification using Salesforce.
+- Do not show resource label events referencing not accessible labels.
+- Cancel all running CI jobs triggered by the user who is just blocked.
+- Fix Gitaly SearchBlobs flag RPC injection.
+- Only render fixed number of mermaid blocks.
+- Prevent GitLab accounts takeover if SAML is configured.
+- Upgrade mermaid to prevent XSS.
+
+
 ## 12.1.11 - No changes.
diff --git a/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml b/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml
deleted file mode 100644
index 03658c931a3..00000000000
--- a/changelogs/unreleased/security-12630-private-system-note-disclosed-in-graphql.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Add a policy check for system notes that may not be visible due to cross references
- to private items
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml b/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml
deleted file mode 100644
index 574f9f8283c..00000000000
--- a/changelogs/unreleased/security-12717-fix-confidential-issue-assignee-visible-to-guests.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Display only participants that user has permission to see on milestone page
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml b/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml
deleted file mode 100644
index 7625655cadd..00000000000
--- a/changelogs/unreleased/security-12718-project-milestones-disclosed-via-groups.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Do not disclose project milestones on group milestones page when project milestones
- access is disabled in project settings
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-64938-dont-disclose-path.yml b/changelogs/unreleased/security-64938-dont-disclose-path.yml
deleted file mode 100644
index 0c858401233..00000000000
--- a/changelogs/unreleased/security-64938-dont-disclose-path.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Fix new project path being disclosed through unsubscribe link of issue/merge
- requests
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml b/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml
deleted file mode 100644
index 20b841b68f8..00000000000
--- a/changelogs/unreleased/security-bypass-email-verification-using-salesforce.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent bypassing email verification using Salesforce
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-cross-reference-fix.yml b/changelogs/unreleased/security-cross-reference-fix.yml
deleted file mode 100644
index 15d6509fd63..00000000000
--- a/changelogs/unreleased/security-cross-reference-fix.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Do not show resource label events referencing not accessible labels.
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml b/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml
deleted file mode 100644
index 1bc4345d5b6..00000000000
--- a/changelogs/unreleased/security-fp-stop-jobs-when-blocking-user.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Cancel all running CI jobs triggered by the user who is just blocked
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-gitaly-1-53-4.yml b/changelogs/unreleased/security-gitaly-1-53-4.yml
deleted file mode 100644
index e532a8aba9f..00000000000
--- a/changelogs/unreleased/security-gitaly-1-53-4.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Fix Gitaly SearchBlobs flag RPC injection
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-mermaid-block.yml b/changelogs/unreleased/security-mermaid-block.yml
deleted file mode 100644
index 993e8cfec08..00000000000
--- a/changelogs/unreleased/security-mermaid-block.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Only render fixed number of mermaid blocks
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml b/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
deleted file mode 100644
index 9022bc8a26f..00000000000
--- a/changelogs/unreleased/security-sarcila-verify-saml-request-origin.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Prevent GitLab accounts takeover if SAML is configured
-merge_request:
-author:
-type: security
diff --git a/changelogs/unreleased/security-xss-mermaid-12-1.yml b/changelogs/unreleased/security-xss-mermaid-12-1.yml
deleted file mode 100644
index 2437305b77f..00000000000
--- a/changelogs/unreleased/security-xss-mermaid-12-1.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: Upgrade mermaid to prevent XSS
-merge_request:
-author:
-type: security |